Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announced the release of the Webroot BrightCloud® Threat Investigator. The powerful new threat investigation tool provides enterprises, managed service providers (MSPs), and managed security service providers (MSSPs) with instant access to actionable threat intelligence on individual IPs and URLS, and the ability to drill down into each object’s category, history, and related IPs or URLs for threat investigation and incident response. In the event of an ongoing cyber investigation, this saves precious time and enables security analysts or first responders to focus on the most critical issues right away. Security personnel are then better able to mitigate the effects of a breach, limit exfiltration of customer data or intellectual property, and limit reputation-related fallout.

According to the Webroot 2016 Threat Brief, attackers are using a larger pool of IP addresses for launching attacks and are increasing their usage of new IP space as threat intelligence services improve at identifying these threats. Coupled with the overwhelming amount of information and alerts security personnel receive, this has created an environment that makes it challenging to prioritize and minimize response time. The BrightCloud Threat Investigator’s web-based, graphical user interface (GUI) research console makes research more manageable by providing insight into a number of variables, including why Webroot categorizes a specific IP or URL as malicious, why specific reputation scores are assigned, and how long a particular IP or URL has been a threat. This context allows enterprise security teams to quickly make specific data-driven decisions.

“Today’s enterprises are faced with such vast quantities of threat information, millions of log entries, and thousands of SIEM alerts, and that can be overwhelming,” said Mike Malloy, executive vice president of products and strategy at Webroot. “The BrightCloud Threat Investigator provides a rich source of additional detail to help security analysts determine the right course of action, save precious time in the investigation and remediation process, and mitigate the costly effects of a breach.”

In order to identify the proverbial cybersecurity “needle in a haystack”, security personnel must use their time and resources wisely. The Webroot Threat Investigator makes this possible by leveraging the massive cloud infrastructure and machine learning technology in the Webroot® Threat Intelligence Platform. Analysts can examine individual objects and predict which of those are likely to be malicious based on their relationships with other internet objects. Webroot continuously monitors and maintains a database of over four billion IP addresses from which a dynamic list of approximately 12 million malicious IPs is updated every few minutes. The Webroot Threat Intelligence Platform correlates IP reputation data with URL, file, and mobile and PC application data to determine relationships between object types while providing a predictive risk score for each IP and URL.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.